waxwing
675b84fe75e216ab947c7438ee519ca7775376ddf05dadfba6278bd012e1d728
Bitcoin, cryptography, Joinmarket etc.

Just curious but where are you getting the 20.5k btc figure from? Is it in that article? (I skimmed quickly but didn't see it).

At the time of the bankruptcy it was widely publicised that they held 0 BTC on the exchange. However they may have held GBTC? Every time I hear coverage about this it always seems to gloss over this point.

The 'Chaum rule', which is that basically every interesting construct and protocol in applied cryptography goes back to an obscure typewritten manuscript by David Chaum from the early 80s, strikes again, kinda:

The idea of a distributed key generation without a trusted third party seems to first get addressed in a 1990 paper by Ingemarsson and Simmons (quickly followed up with the much more famous Pedersen paper in '91). In that '90 paper they bemoan that no one had previously taken seriously the idea of avoiding a trusted third party, *except* an '85 paper by Meadows which I can't find on the internet. They then note that Meadows

"..attributes the question of whether a shared secret scheme can be set up without the assistance of a trusted key distribution center to Chaum, however the paper of his that she cites, 'Some Open Questions' did not appear in the proceedings of Crypto '84 where she references it."

How is it possible that there isn't a variant of FROST using bilinear pairings called 'BIFROST' yet? The cryptography community is really slacking.

An interesting detail on FROST:

"Note that in a distributed setting, each participant P_i must be sure to have the same view of C as all other participants. In practice, implementations guarantee consistency of participants' views by using techniques such as posting commitments to a centralized server that is trusted to provide a single view to all participants, or adding another protocol round where participants compare their received commitment values to ensure they are identical."

(from the 2020 paper).

I know this is basically a meme, but in this case, publishing the data to the blockchain is not inconceivable... or possibly an OpenTimestamps setup, so you could check your local view agrees with what is published? Not sure.
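The "extra protocol round" option quoted above (participants compare the commitment sets they received) is simple enough to sketch. The following is an added illustration, not code from the FROST paper or any FROST implementation: the commitment values are constructed placeholder strings, the coordinator is simulated in-process, and the function names are my own. Each participant hashes its received commitment set in a canonical order and broadcasts the digest; any mismatch means the views diverged (for example because the server handed one participant a different list) and the signing session must be abandoned.

```python
import hashlib
import json


def canonical_digest(commitments):
    """Hash a participant's received commitment set in canonical (sorted) order,
    so honest participants holding the same set derive the same digest no matter
    in what order the messages arrived."""
    canon = json.dumps(sorted(commitments.items()), separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()


def echo_round(views):
    """Simulated extra round: every participant broadcasts the digest of the
    commitment set it received, then compares. Returns (consistent, divergent)
    where `divergent` lists participants whose digest differs from the most
    common one. The divergent participant is not necessarily the culprit (a
    coordinator may have fed it a different list); the point is only that the
    session must abort when `consistent` is False."""
    digests = {pid: canonical_digest(view) for pid, view in views.items()}
    counts = {}
    for d in digests.values():
        counts[d] = counts.get(d, 0) + 1
    most_common = max(counts, key=counts.get)
    divergent = sorted(pid for pid, d in digests.items() if d != most_common)
    return (len(counts) == 1, divergent)


def simulate(coordinator_equivocates):
    """Constructed scenario: a coordinator relays nonce commitments (placeholder
    hex strings here, not real FROST group elements) to three participants.
    If it equivocates, participant P3 receives a different commitment for P2."""
    honest_set = {"P1": "aa" * 32, "P2": "bb" * 32, "P3": "cc" * 32}
    views = {pid: dict(honest_set) for pid in honest_set}
    if coordinator_equivocates:
        views["P3"]["P2"] = "de" * 32
    return echo_round(views)


if __name__ == "__main__":
    print("honest coordinator:", simulate(False))
    print("equivocating coordinator:", simulate(True))
```

Sorting before hashing is the important detail: without a canonical serialization two honest participants who received the same set in different orders would wrongly abort.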

I'm keen to better understand these tradeoffs; FROST can be used even for N of N, it involves more data transfer in set up than MuSig, but it's a nicer mathematical structure. It's also less robust.

Perhaps a random thought, but the bit commitment primitive in BitVM seems to extend naturally from 2 to N different outcomes. Equivocation means 2 out of N preimages revealed, which for smallish N is ok, but it's combinatorial.

I can't help wondering if you could get fancy to make huge N values work: do a Lagrange interpolation/Shamir setup for 2 of N, such that seeing any 2 reveals the secret. Would need to be a 'point lock' not a 'hash lock', of course.
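To make the 2-of-N idea concrete, here is an added toy illustration (my own code, not anything from BitVM or from the post's author): the committer's penalty secret is split with a degree-1 polynomial over a prime field, outcome i corresponds to the share (i, f(i)), and revealing any two shares lets the counterparty interpolate f(0). The field prime and all values are constructed for the example; in a real point-lock construction f(i) would be used as a scalar on the curve (the group order as the field), which this sketch does not do.

```python
import secrets

# Constructed toy field: a Mersenne prime, chosen only for illustration.
# A real point-lock construction would use the secp256k1 group order instead.
P = 2**127 - 1


def make_commitment(secret, n, p=P):
    """Threshold-2 Shamir split of `secret`: f(x) = secret + a*x (mod p) with a
    random slope a. Outcome i (1..n) is committed to by the share (i, f(i)).
    Only the list of shares is returned; the slope is discarded."""
    a = secrets.randbelow(p - 1) + 1
    return [(i, (secret + a * i) % p) for i in range(1, n + 1)]


def recover_from_two(share1, share2, p=P):
    """Equivocation case: given any two distinct shares, Lagrange-interpolate
    f at x = 0 to recover the secret.
    f(0) = y1 * x2/(x2-x1) - y2 * x1/(x2-x1)  (mod p)"""
    (x1, y1), (x2, y2) = share1, share2
    if x1 == x2:
        raise ValueError("need shares for two distinct outcomes")
    inv = pow((x2 - x1) % p, -1, p)
    return ((y1 * x2 - y2 * x1) * inv) % p


def explaining_slope(share, candidate_secret, p=P):
    """Why a single revealed share leaks nothing: for any candidate secret s'
    there is exactly one slope a' with s' + a'*i == y (mod p), so one share is
    consistent with every possible secret."""
    x, y = share
    return ((y - candidate_secret) * pow(x, -1, p)) % p


if __name__ == "__main__":
    secret = secrets.randbelow(P)
    shares = make_commitment(secret, n=100_000)  # large N costs only N shares, not C(N,2)
    assert recover_from_two(shares[7], shares[99_999]) == secret
    print("recovered from outcomes 8 and 100000:", recover_from_two(shares[7], shares[99_999]) == secret)
```

The cost that the post calls combinatorial disappears here: the committer publishes N points (or their hashes / curve points), and the counterparty needs any two of them to recover the penalty secret, rather than a separate equivocation path per pair.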

Thanks to ajtowns' mailing list post, I only just discovered the existence of delvingbitcoin.org.

For example it's very useful to be able to read a lot of the detailed, nuanced opinions about potential soft fork bundling here:

https://delvingbitcoin.org/t/covenant-tools-softfork/98/15

Yes, there is more than one way to approach it. See 'optimistic' pathcoin in my most recent post on the mailing list.

Several related ideas: lifting off chain, 2 party, just presigned tx chain, private pathcoin (what you see in that PoC code).

You may also find the slides from my Adopting bitcoin talk interesting:

https://talks.adoptingbitcoin.org/media/adopting-bitcoin-2023/submissions/AANQ8A/resources/pathcoinpres_v69vtvw.pdf

I don't see anything with amazing utility yet. Maybe 'cold channels' is interesting.

h/t Ernesto Quezada, the ES govt has a listing of the companies that have successfully registered here as 'Digital Service Providers' under the new law:

https://cnad.gob.sv/public-registry/registration-of-digital-service-providers/

It's not a good thing to suggest someone is Satoshi Nakamoto, even in jest. Over the years, a few people suffered from being targeted because of it (including e.g. Hal Finney's widow).

My thinking on PathCoin has extended out quite a bit. Laid out some new ideas here:

https://gist.github.com/AdamISZ/b462838cbc8cc06aae0c15610502e4da?permalink_comment_id=4748805#gistcomment-4748805

If anyone has Qs about what I mean, feel free to ask.

I've had the exact same thought, I believe the case for open source AI winning is even stronger than the case for open source money winning.

An interesting connection is the use of compute power as a finite resource.

Replying to remyers

This is good supporting material for the technical determinism/inevitability argument for Bitcoin made by nostr:npub1a2cww4kn9wqte4ry70vyfwqyqvpswksna27rtxd8vty6c74era8sdcw83a in "Broken Money".

The cautionary part of this argument is to consider how lucky it was that Bitcoin's founder disappeared and wasn't a premine scammer or some other flavor of asshole like we saw in later projects. An honest founder/team was far from assured.

Yes, interesting thought. You could argue that anyone who would have released it completely openly, with no premine, would already have demonstrated enough.

Not sure if the opsec was essential or not. It certainly didn't hurt though, imo.

Cool, I always wondered if Pistol Whip would get that. It's presumably harder to make them because of the environments... does it just let people reuse the existing environments but just change the enemy placements?

Remarkable that Jakobsson and Juels, in 1999, wrote a paper 'Proofs of Work and Bread Pudding Protocols', building on work by Rivest and Shamir shortly before(?), that came pretty close to Bitcoin's design (see PIPOW and Section 4, quote: 'We show how to partition this task into a collection of POWs, enabling minting to be distributed among a collection of low power, untrusted entities').

https://www.arijuels.com/wp-content/uploads/2013/09/PoW.pdf

https://people.csail.mit.edu/rivest/pubs/pubs/RS96a.pdf

The comparison with activitypub/fediverse seems just wrong. Probably just because these were freeform/off the cuff comments. Surely the main difference there is client ownership of identity etc. though I'm sure there are others (but certainly not open source).

Are you pointing out there's a difference between algos reducible to known hardness assumptions (let's say Schnorr not ECDSA for simplicity), and thus computationally hard at best, vs information theoretic security like a one time pad? If so, good point to raise, but I trust both of them much more than the hardware substrate which is, to my mind, the biggest weak spot to worry about, and where it's the most important to worry about CPOFs.

When people are curious, as they often are, why I distrust hardware solutions for bitcoin, and only want to use cryptographic defenses (i.e. mathematics in software), I will in future point them to the subsection "A $325 million Treasure Hunt" in this article:

https://www.wired.com/story/unciphered-ironkey-password-cracking-bitcoin/

Also to your question, yes, the signer/miner nodes are validating BIP119 (though the fact that my own node, running Inquisition, is, is already enough for my testing purposes). You can see with `bitcoin-cli -signet getdeploymentinfo`; some info at https://github.com/bitcoin-inquisition/bitcoin/wiki/Heretical-Deployments

All good now, no worries, but thanks.